[Samba] Samba and Heimdal Kerberos V Authentication

Ludek Finstrle ludek.finstrle at pzkagis.cz
Tue Dec 5 09:37:53 GMT 2006


> >> > I am curious whether it is possible to have Samba authenticate against
> >> > Kerberos as a password backend, particularly with the Heimdal
> >> > implementation. I really am not much of a Windows guru and try to
> >> > avoid the OS as much as possible; but I have gathered that from 2000
> >> > onwards it has supported Kerberos V for authentication. Would this
> >> > mean that the winbind backend could be used to talk to the Kerberos
> >> > server?
> >> >
> >> > I really want to avoid having to write any custom scripts or wrappers
> >> > to synchronize passwords between Samba and Kerberos.
> >>
> >> Recommended reading:
> >> http://www.pdc.kth.se/heimdal/heimdal.html#Using-LDAP-to-store-the-database
> >>
> Yes I use it with ~1000 users, and it's working like a charm, you just
> have to take care of the ACLs of passwords stored on LDAP as stated in
> the Samba and Heimdal documentation, also if you want non-SASL binds you may
> want to set the userPassword attributes to
> {SASL}theusersuid@YOUR.KERBEROS.REALM. I've attached my
> /usr/lib/sasl2/slapd.conf, /etc/default/saslauthd (I use Debian), and
> hdb.schema (I found it by googling).

Hello,

  I see no way to authenticate Samba against Kerberos without AD.
As far as I know, Samba doesn't use userPassword but uses sambaLMPassword and
sambaNTPassword instead (due to different encryption). So what's the
difference between storing Kerberos data in LDAP and storing it
separately?

Am I missing something important?

Regards,

Luf
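
As an added illustration (not part of the original thread, and not Samba or Heimdal code): a small Python audit that reads an LDIF export and reports, per account, whether `userPassword` hands simple binds to SASL through the `{SASL}principal@REALM` form quoted above, and whether separate `sambaLMPassword`/`sambaNTPassword` hashes are present. The LDIF entries, the `EXAMPLE.ORG` realm and the function names are constructed for the example.

```python
import base64
import re

# Constructed sample LDIF (not from the thread); realm, uids and hashes are placeholders.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=org
uid: alice
userPassword: {SASL}alice@EXAMPLE.ORG
sambaNTPassword: 0123456789ABCDEF0123456789ABCDEF

dn: uid=bob,ou=people,dc=example,dc=org
uid: bob
userPassword:: e1NBU0x9Ym9iQEVYQU1QTEUuT1JH

dn: uid=carol,ou=people,dc=example,dc=org
uid: carol
userPassword: {SSHA}constructed-placeholder
sambaLMPassword: 0123456789ABCDEF0123456789ABCDEF
"""

SASL_RE = re.compile(r"^\{SASL\}(?P<principal>[^@\s]+@\S+)$", re.I)
HEX32_RE = re.compile(r"^[0-9A-Fa-f]{32}$")  # LM and NT hashes are 32 hex digits

def parse_ldif(text):
    """Yield {attr: [values]} per entry; decodes '::' base64, ignores folded lines."""
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if not sep or line[:1] in (" ", "#"):
                continue
            if value.startswith(":"):  # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(name.lower(), []).append(value.strip())
        yield entry

def audit(text):
    """Map uid -> (source used for simple binds, Samba hash attributes present?)."""
    report = {}
    for e in parse_ldif(text):
        pw = e.get("userpassword", [""])[0]
        m = SASL_RE.match(pw)
        bind = f"sasl:{m['principal']}" if m else ("local-hash" if pw else "none")
        hashes = e.get("sambantpassword", []) + e.get("sambalmpassword", [])
        report[e.get("uid", ["?"])[0]] = (bind, any(HEX32_RE.match(v) for v in hashes))
    return report

if __name__ == "__main__":
    for uid, (bind, has_hash) in audit(SAMPLE_LDIF).items():
        print(f"{uid}: bind={bind} samba_hash={has_hash}")
```

An account reported with a `sasl:` bind source and `samba_hash=True` has two independently stored credentials: one verified through SASL and one held in the Samba hash attributes.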

